22 replies to this topic

[Affix]

Well I was writing a Spider to crawl forums and Mirror them and Needed a way to login to a vBulletin based forum. vBulletin does not Allow a cURL Post unless the URL Has been added to the "allow post from" list in the Admin Control Panel.

Using cURL However we can set an Option that will mask the user agent and Referrer so the vBulletin forum will think we are a normal browser.

Lets Begin by Creating a new PHP Document

<?php

/********************

* cURL Tutorial By Affix

* Login to a vB forum

*********************/

?>

Now lets crate a Function in our Document. We should call it vBulletinLogin() and Pass 2 variables. These Variables shall be $user and $pass

<?php

/********************

* cURL Tutorial By Affix

* Login to a vB forum

*********************/


function vBulletinLogin($user, $pass)

{


}

?>

Now we have our function created we need it to start doing something.
First of all we will need to MD5 The $pass variable as vBulletin submits the MD5 of the password before the server begins to process it.

<?php

/********************

* cURL Tutorial By Affix

* Login to a vB forum

*********************/


function vBulletinLogin($user, $pass)

{

       $md5Pass = md5($pass);

}

?>

Now we have the MD5 of the password submitted we need to create the post data we are going to submit using cURL. I usually do this by using a variable as it makes it easier to read later.

<?php

/********************

* cURL Tutorial By Affix

* Login to a vB forum

*********************/


function vBulletinLogin($user, $pass)

{

       $md5Pass = md5($pass);

       $data = "do=login&url=%2Findex.php&vb_login_md5password=$md5Pass&vb_login_username=$user&cookieuser=1";

}

?>

Notice the syntax of the POST is Similar to a GET.

Now we have the data we should start to Work with our cURL options But first we need to activate cURL this is done by Defininf a variable using curl_init();

<?php

/********************

* cURL Tutorial By Affix

* Login to a vB forum

*********************/


function vBulletinLogin($user, $pass)

{

       $md5Pass = md5($pass);

       $data = "do=login&url=%2Findex.php&vb_login_md5password=$md5Pass&vb_login_username=$user&cookieuser=1";


      $ch = curl_init();

}

?>

Now we have cURL Initialized lets start setting out Options. This is done using the curl_setopt() Function of PHP. I am not going into detail about each cURL option but will show you the Syntax of curl_setopt()

<?php

/********************

* cURL Tutorial By Affix

* Login to a vB forum

*********************/


function vBulletinLogin($user, $pass)

{

       $md5Pass = md5($pass);

       $data = "do=login&url=%2Findex.php&vb_login_md5password=$md5Pass&vb_login_username=$user&cookieuser=1";


       $ch = curl_init();


	curl_setopt ($ch, CURLOPT_URL, "h**p://forum.codecall.net/login.php?do=login"); // replace ** with tt

	curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");

	curl_setopt ($ch, CURLOPT_TIMEOUT, '10');

	curl_setopt($ch, CURLOPT_POST, 1);

	curl_setopt($ch,CURLOPT_POSTFIELDS,$data);

	curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/codecall_$user.txt");

	curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/codecall_$user.txt");

	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

	$store = curl_exec ($ch);

}

?>

Now we have the Page Returned and it is stored in the Variable $store we can close cURL using curl_close()

<?php

/********************

* cURL Tutorial By Affix

* Login to a vB forum

*********************/


function vBulletinLogin($user, $pass)

{

       $md5Pass = md5($pass);

       $data = "do=login&url=%2Findex.php&vb_login_md5password=$md5Pass&vb_login_username=$user&cookieuser=1";


       $ch = curl_init();


	curl_setopt ($ch, CURLOPT_URL, "h**p://forum.codecall.net/login.php?do=login"); // replace ** with tt

	curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");

	curl_setopt ($ch, CURLOPT_TIMEOUT, '10');

	curl_setopt($ch, CURLOPT_POST, 1);

	curl_setopt($ch,CURLOPT_POSTFIELDS,$data);

	curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/codecall_$user.txt");

	curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/codecall_$user.txt");

	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

	$store = curl_exec ($ch);


        curl_close($ch);

}

?>

Now we can check to see if we Logged in successfully. To do this we search the page for the string "thank you for logging in" using an IF statement and the strpos function

<?php

/********************

* cURL Tutorial By Affix

* Login to a vB forum

*********************/


function vBulletinLogin($user, $pass)

{

       $md5Pass = md5($pass);

       $data = "do=login&url=%2Findex.php&vb_login_md5password=$md5Pass&vb_login_username=$user&cookieuser=1";


       $ch = curl_init();


	curl_setopt ($ch, CURLOPT_URL, "h**p://forum.codecall.net/login.php?do=login"); // replace ** with tt

	curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");

	curl_setopt ($ch, CURLOPT_TIMEOUT, '10');

	curl_setopt($ch, CURLOPT_POST, 1);

	curl_setopt($ch,CURLOPT_POSTFIELDS,$data);

	curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/codecall_$user.txt");

	curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/codecall_$user.txt");

	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

	$store = curl_exec ($ch);


        curl_close($ch);


       $pos = strpos($store, "Thank you for Logging in");

       if($pos === FALSE) {

               RETURN 0;

       }

       else

       {

               RETURN 1;

        }

}

?>

Now if the Function finds we are logged in it will return 1 or TRUE
To call it we can do something like this

<?php

/********************

* cURL Tutorial By Affix

* Login to a vB forum

*********************/


function vBulletinLogin($user, $pass)

{

       $md5Pass = md5($pass);

       $data = "do=login&url=%2Findex.php&vb_login_md5password=$md5Pass&vb_login_username=$user&cookieuser=1";


       $ch = curl_init();


	curl_setopt ($ch, CURLOPT_URL, "h**p://forum.codecall.net/login.php?do=login"); // replace ** with tt

	curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");

	curl_setopt ($ch, CURLOPT_TIMEOUT, '10');

	curl_setopt($ch, CURLOPT_POST, 1);

	curl_setopt($ch,CURLOPT_POSTFIELDS,$data);

	curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/codecall_$user.txt");

	curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/codecall_$user.txt");

	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

	$store = curl_exec ($ch);


        curl_close($ch);


       $pos = strpos($store, "Thank you for Logging in");

       if($pos === FALSE) 

      {

               RETURN 0;

       }

       else

       {

               RETURN 1;

        }

}


if(vBulletinLogin("username","password"))

{

       echo "Logged In";

}

else 

{

       echo "Failed to Login check User / Pass";

}

?>

Glossary :
cURL : Client URL. This library basically allows the PHP Server to act as a web browsing client. This libabry is available from hxxp://curl.haxx.se/

[Brandon W]

It seems that cURL is as simple as that ;) Good tutorial mate, +rep :)

[Affix]

Jordan said:

Very nice tutorial! I wrote something similar (although much cruder) a couple of months back. +rep!

P.S. - Please don't mirror CC :)

don't worry :) Its not for spidering these kinds of sites. It was a paid project to copy post text vBulletin makes it so easy by putting comments where the message starts and ends lmao.

I got more coming soon :)

[Brandon W]

So putting comments everywhere is a good thing?

[Affix]

Brandon W said:

So putting comments everywhere is a good thing?

It depends on what you are doing

You done really need

<!-- Message -->

and

<!-- / Message -->

Just makes it easier for postbots and spammers

E.g all you need is use cURL or file_get_contents() and you can do this

	function split_tag($haystack,$start,$end) {
		if (strpos($haystack,$start) === false || strpos($haystack,$end) === false) {
			return false;
		} else {
			$start_position = strpos($haystack,$start)+strlen($start);
			$end_position = strpos($haystack,$end);
			return substr($haystack,$start_position,$end_position-$start_position);
		}
	}

split_tag($content, "<!-- Message -->", "<!-- / Message -->");

it will then return

<div id="post_message_126767">
                  


                  Well I was writing a Spider to crawl forums and Mirror them and Needed a way to login to a vBulletin based forum. vBulletin does not Allow a cURL Post unless the URL Has been added to the "allow post from" list in the Admin Control Panel.<br />
<br />
Using cURL However we can set an Option that will... 
This libabry is available from hxxp://curl.haxx.se/</div>

Then use striptags() on that and you got the full post body.

Then the post has been stolen. Alot of Warez Boards use this technique to leech posts automatically.

[Affix]

Plain and simple..

.. I suck at regex lmao

[Brandon W]

Hmmm, I think I need to learn about Regular Expressions......

You could learn, I use to Google everything when I started HTML. But now, it's like my second language. Just takes time. Maybe VB did this for a reason :S

[WingedPanther]

I'm planning to do a/some regex tutorial(s) before too long. The basics aren't hard at all.

[Brandon W]

I can't wait Winged. I just did a bit of research, I think it would be quite easy. Just trying to remember all the symbols that make up regex's